Organisations are increasingly relying on digital service providers to handle IT but in many cases these suppliers are failing to mitigate client risk, according to a report.
Softtek’s The State of Digital Third-Party Risk 2016 – In Partners We Trust report found overall security was weakening, with more missing security controls discovered during supplier assessments in 2015 than in 2014.
Such controls include secure disposal or reuse of equipment, cryptography policies and audits, and there was an average increase of nine in the number of failed controls per supplier during 2015.
As a result Softtek is calling for CPO’s and other leading executives to reinforce digital third-party risk management programmes.
The study was based on 1,236 assessments of 286 controls at small, midsize and large suppliers in North America, Latin America, Europe and Asia.
It found the average compliance level of suppliers in 2015 was 89%, down 3.5% on 2014.
Among the findings of the report was that most organisations fail to actively monitor third parties for digital security best practice, usually underestimating their exposure to risk.
Over half of the third parties analysed in the report failed to pass key controls, which the report said indicated a high likelihood that these risks could turn into losses for the businesses contracting with them.
The report is calling for executives to better understand their third parties security procedures, which will help measure the risks they are exposed to and reduce them.
Executives were also warned that while third-party providers may pass a test when they are initially contracted they may fail it at a later time. This means procedures that can reassess IT and digital security efforts would be more effective.
And while a large majority of third parties surveyed failed several controls, the true impact that their customers would face would depend greatly on the type of relationship as well as the nature and quantity of information being shared.
☛ Want to stay up to date with the news? Sign up to our daily bulletin.